Simple CTF
[+] Scanning 10.10.25.17 [65535 ports]
[+] Enumerating 10.10.25.17 [21,80,2222]
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-04-30 10:25 CDT
Nmap scan report for 10.10.25.17
Host is up (0.13s latency).
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_Can't get directory listing: TIMEOUT
| ftp-syst:
| STAT:
| FTP server status:
| Connected to ::ffff:10.9.209.91
| Logged in as ftp
| TYPE: ASCII
| No session bandwidth limit
| Session timeout in seconds is 300
| Control connection is plain text
| Data connections will be plain text
| At session startup, client count was 4
| vsFTPd 3.0.3 - secure, fast, stable
|_End of status
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
|_http-title: Apache2 Ubuntu Default Page: It works
|_http-server-header: Apache/2.4.18 (Ubuntu)
| http-robots.txt: 2 disallowed entries
|_/ /openemr-5_0_1_3
2222/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 29:42:69:14:9e:ca:d9:17:98:8c:27:72:3a:cd:a9:23 (RSA)
| 256 9b:d1:65:07:51:08:00:61:98:de:95:ed:3a:e3:81:1c (ECDSA)
|_ 256 12:65:1b:61:cf:4d:e5:75:fe:f4:e8:d4:6e:10:2a:f6 (ED25519)
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 38.29 seconds
[+] Enumerating 10.10.25.17 for vulnerabilities [21,80,2222]
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-04-30 10:26 CDT
Pre-scan script results:
|_broadcast-avahi-dos: ERROR: Script execution failed (use -d to debug)
Nmap scan report for 10.10.25.17
Host is up (0.13s latency).
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_ http://ha.ckers.org/slowloris/
| http-enum:
|_ /robots.txt: Robots file
2222/tcp open EtherNetIP-1
Nmap done: 1 IP address (1 host up) scanned in 319.78 seconds
[+] Completed!
ffuf v2.1.0-dev
________________________________________________
:: Method : GET
:: URL : http://10.10.25.17/FUZZ
:: Wordlist : FUZZ: /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
# on atleast 2 different hosts [Status: 200, Size: 11321, Words: 3503, Lines: 376, Duration: 131ms]
# This work is licensed under the Creative Commons [Status: 200, Size: 11321, Words: 3503, Lines: 376, Duration: 132ms]
# [Status: 200, Size: 11321, Words: 3503, Lines: 376, Duration: 133ms]
# or send a letter to Creative Commons, 171 Second Street, [Status: 200, Size: 11321, Words: 3503, Lines: 376, Duration: 900ms]
# Attribution-Share Alike 3.0 License. To view a copy of this [Status: 200, Size: 11321, Words: 3503, Lines: 376, Duration: 1892ms]
# directory-list-2.3-medium.txt [Status: 200, Size: 11321, Words: 3503, Lines: 376, Duration: 2895ms]
[Status: 200, Size: 11321, Words: 3503, Lines: 376, Duration: 2899ms]
# [Status: 200, Size: 11321, Words: 3503, Lines: 376, Duration: 3904ms]
# Priority ordered case sensative list, where entries were found [Status: 200, Size: 11321, Words: 3503, Lines: 376, Duration: 3905ms]
# license, visit http://creativecommons.org/licenses/by-sa/3.0/ [Status: 200, Size: 11321, Words: 3503, Lines: 376, Duration: 4913ms]
# [Status: 200, Size: 11321, Words: 3503, Lines: 376, Duration: 4919ms]
# Copyright 2007 James Fisher [Status: 200, Size: 11321, Words: 3503, Lines: 376, Duration: 4919ms]
# [Status: 200, Size: 11321, Words: 3503, Lines: 376, Duration: 4919ms]
# Suite 300, San Francisco, California, 94105, USA. [Status: 200, Size: 11321, Words: 3503, Lines: 376, Duration: 4921ms]
simple [Status: 301, Size: 311, Words: 20, Lines: 10, Duration: 125ms]
[Status: 200, Size: 11321, Words: 3503, Lines: 376, Duration: 130ms]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------
Exploit Title | Path
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------
Bolt CMS < 3.6.2 - Cross-Site Scripting | php/webapps/46014.txt
CMS Made Simple < 2.2.10 - SQL Injection | php/webapps/46635.py
Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution | php/webapps/51060.txt
Concrete CMS < 5.5.21 - Multiple Vulnerabilities | php/webapps/37225.pl
Concrete5 CMS < 5.4.2.1 - Multiple Vulnerabilities | php/webapps/17925.txt
Concrete5 CMS < 8.3.0 - Username / Comments Enumeration | php/webapps/44194.py
DeDeCMS < 5.7-sp1 - Remote File Inclusion | php/webapps/37423.txt
Drake CMS < 0.2.3 ALPHA rev.916 - Remote File Inclusion | php/webapps/2713.txt
Kirby CMS < 2.5.7 - Cross-Site Scripting | php/webapps/43140.txt
Monstra CMS < 3.0.4 - Cross-Site Scripting (1) | php/webapps/44855.py
Monstra CMS < 3.0.4 - Cross-Site Scripting (2) | php/webapps/44646.txt
Mura CMS < 6.2 - Server-Side Request Forgery / XML External Entity Injection | cfm/webapps/43045.txt
Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload | php/webapps/44891.txt
zKup CMS 2.0 < 2.3 - Arbitrary File Upload | php/webapps/5220.php
zKup CMS 2.0 < 2.3 - Remote Add Admin | php/webapps/5219.php
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------
Shellcodes: No Results
Bruh ._.